In a NAT or terminal server environment, the following is the recommended setup:
-
If your traffic is directly pointing to Cloud Proxy, it is recommended to use Enforcement Agent (EA). This way TMWS will be able to save the user information in EA and can determine who is currently login without clearing the browser cache.
For first-time users, you must access an HTTP or decrypted HTTPS website so that TMWS could determine who the user is.
For decrypted HTTPS, the first CONNECT packet is recorded to the previously authenticated user. TMWS will ask for a new authentication and records it with the right person.
- Captive Portal: It will require to input the username only.
- Transparent: No username required
To configure the HTTPS decryption rule, refer to the TMWS Online Help topic: Configuring A Decryption Rule.
-
If the traffic is pointing to an On-premise gateway, TMWS would not be able to identify the new user of the same PC or users that share the same IP address even if the user clears the browser cookie/cache. The user information is identified using the IP address and not by only the cookie.
Enforcement Agent does not co-work with On-premise gateway.